There’s no end in sight for Telecom email users. While the company’s move to require the use of SSL for email access (Really, all those email passwords were transmitted in the clear over those WiFi access points around the world up until now?) is a Good Move™, the fact they got the SSL certificate with the wrong server name is troubling.

Apparently this certificate was issued to pop3r.xtra.co.nz instead of pop3.xtra.co.nz. People are accepting this certificate just so they can get to their emails. This is bad because I’ve seen comments such as “just accept it I need to get to my emails”.

@freitasm That would explain a lot. Had to add an exception for the cert when my Mum started shouting at Thunderbird.

Not everyone is seeing this error, which points to multiple servers having a good certificate and at least one of them having a bad certificate.

What happens next time these users see a certificate error? They will repeat the “just accept it” routine, thinking it’s just another small problem? Do these people actually know the implication of accepting SSL certs left, right and centre? Probably not. And here is the problem.